Graphical interfaces, such as the graphical interfaces of web browsers, typically have security vulnerabilities in the form of visual spoofing. Such vulnerabilities can lead to malicious exploitation such as address bar spoofing and status bar spoofing. Such spoofing can lure even experienced users into performing unintended actions that result in serious security consequences.
The computer-human interface or graphical user interface (GUI) plays an important role in systems security, since a computer is simply a tool for people to perform real-world activities such as banking, trading, advertising and socializing. A user should be considered an “endpoint” of the communication channel between a server and a client. Currently, the trustworthiness of the “world wide web” mainly amounts to machine-to-machine trust over the Internet, i.e., assurance that the client (e.g., the browser computer) communicates with the intended server. Such trust can easily be shattered at the last link, between the client and its user (i.e., the “endpoint”), and thus end-to-end security is compromised.
Exploitation of the user as the weak link is not limited to non-technical social engineering attacks in which naive users are fooled into clicking on an arbitrary hyperlink and downloading malicious executables without any security awareness. Even for a technology-savvy and security-conscious user, vulnerabilities exist, and spoofing can take place. For example, even if an experienced user examines the status bar of the email client before clicking on a hyperlink, the user may not be able to tell that the status bar is spoofed and that the click navigates to an unexpected website. Furthermore, even if a user checks the correspondence between the uniform resource locator (URL) displayed in the browser address bar and the top-level web page content, the user may not realize that the address bar is spoofed and that the displayed page comes from a malicious website. Indeed, the combination of email status bar spoofing and browser address bar spoofing can give a rather “authentic” browsing experience on a fake web page. Spoofing can lead to numerous malicious acts, such as identity theft (i.e., “phishing”), malware installation, and fake news or information.
A visual spoofing flaw is a generic term that refers to any flaw producing a misleading user interface or graphical user interface (GUI). Such flaws have been discovered in various commodity browsers (i.e., Internet browsers), including Internet Explorer (IE), Firefox, and Netscape Navigator. Visual spoofing flaws can be due to GUI logic flaws, which allow a malicious party to set “wrong” information in authentic security indicators, such as email client status bars, browser address bars and security warning dialog boxes.